Skip to content
Snippets Groups Projects
Commit 6afad4b3 authored by Brian Delwiche's avatar Brian Delwiche Committed by Android Build Coastguard Worker
Browse files

Fix heap-buffer overflow in sdp_utils.cc 

Fuzzer identifies a case where sdpu_compare_uuid_with_attr crashes with
an out of bounds comparison.  Although the bug claims this is due to a
comparison of a uuid with a smaller data field thana the discovery
attribute, my research suggests that this instead stems from a
comparison of a 128 bit UUID with a discovery attribute of some other,
invalid size.

Add checks for discovery attribute size.

Bug: 287184435
Test: atest bluetooth_test_gd_unit, net_test_stack_sdp
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bbdb139bf91dca86c72c33a74c0e3407938c487)
Merged-In: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43
Change-Id: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43
parent b0e43755
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment